﻿using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class ajax_adduser : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["id_user"] != null && Session["permission"] != null
            && (((int)Session["permission"]) >= 2 && ((int)Session["permission"]) <= 3))
        { 
            //'fullname': $('#fullname_user').val(),
            //'username': $('#name_user').val(),
            //'password': $('#password_user').val(),
            //'email'   : $('#email_user').val(),
            //'phone'   : $('#phone_user').val(),
            //'permission': $('#permission_user').val(),
            //'mailwhenwork': $('#mailwhenwork_user').is(":checked"),
            //'mailwhencomment': $('#mailwhencomment_user').is(":checked") 
            #region Check and standard input
            string fullname = comm.to_sql(comm.StandardString(Request["fullname"]), "string");
            // check username
            string username = comm.RemoveSpace(Request["username"]);
            if (username.Length == 0)
            {
                Response.Write("FAIL");
                return;
            }
            username = comm.to_sql(username, "string");
            string sql = "SELECT id FROM [user] WHERE userName=" + username;
            if (dal.SelectTable(sql).Rows.Count >= 1)
            {
                Response.Write("DUPLICATE");
                return;
            }

            // check email
            string email = comm.RemoveSpace(Request["email"]);
            if (email.Length == 0 || !comm.isValidEmail(email))
            {
                Response.Write("FAIL");
                return;
            }
            email = comm.to_sql(email, "string");
            sql = "SELECT id FROM [user] WHERE email=" + email;
            if (dal.SelectTable(sql).Rows.Count >= 1)
            {
                Response.Write("EMAIL");
                return;
            }

            // check password
            string password = Request["password"];
            if (password.Length == 0)
            {
                Response.Write("FAIL");
                return;
            }
            password = comm.to_sql(password, "string");

            string phone = comm.to_sql(comm.RemoveSpace(Request["phone"]), "string");
            string permission = "5";
            try
            {
                int permis = Int32.Parse(Request["permission"]);
                if (permis >= 3)
                    permission = permis.ToString();
                else
                    throw new Exception();
            }
            catch
            {
                permission = "5";
            }
            string mailwhenwork = (Request["mailwhenwork"] == "true") ? "1" : "0";
            string mailwhencomment = (Request["mailwhencomment"] == "true") ? "1" : "0";
            #endregion

            #region GET parentId
            string parentId = comm.to_sql(Session["id_user"].ToString(), "number");
            if (((int)Session["permission"]) == 3)
            {
                sql = "SELECT parentId FROM [user] WHERE id=" + comm.to_sql(Session["id_user"].ToString(), "number");
                DataTable dtTable = dal.SelectTable(sql);
                if (dtTable.Rows.Count == 1)
                {
                    parentId = comm.to_sql(dtTable.Rows[0]["parentId"].ToString(), "number");
                }
                else
                {
                    Response.Write("FAIL");
                    return;
                }
            }
            #endregion

            sql = "INSERT INTO [user](userName,password,permission,email,phone,parentId,fullname,mailwhenwork,mailwhencomment) " +
                  " Values(" + username + "," + password + "," + permission + "," + email + "," + phone + "," + parentId + "," + fullname +
                  "," + mailwhenwork + "," + mailwhencomment + ")";
            if (dal.Execute(sql) == 1)
            {
                Response.Write("OK");
                return;
            }
            else
            {
                Response.Write("FAIL");
                return;
            }
        }
    }
}
